Merge pull request #14 from jgrer/trivy-vuln-display

feat: trivy vulnerability display
project-copacetic · Jul 17, 2024 · d1101f6 · d1101f6
2 parents 00b590d + b46854c
commit d1101f6
Show file tree

Hide file tree

Showing 7 changed files with 442 additions and 103 deletions.
diff --git a/Makefile b/Makefile
@@ -1,11 +1,20 @@
 IMAGE?=copacetic/copacetic-docker-desktop-extension
 TAG?=latest
+COPA_VERSION?=latest
 
 BUILDER=buildx-multi-arch
 
 INFO_COLOR = \033[0;36m
 NO_COLOR   = \033[m
 
+# Check if COPA_VERSION is equal to "latest"
+ifeq ($(COPA_VERSION),latest)
+    latest_tag := $(shell curl --retry 5 -s "https://api.github.com/repos/project-copacetic/copacetic/releases/latest" | jq -r '.tag_name')
+    version := $(subst v,,$(latest_tag))
+else
+    version := $(COPA_VERSION)
+endif
+
 build-extension: ## Build service image to be deployed as a desktop extension
 	docker build --tag=$(IMAGE):$(TAG) .
 
@@ -21,6 +30,9 @@ prepare-buildx: ## Create buildx builder for multi-arch build, if not exists
 push-extension: prepare-buildx ## Build & Upload extension image to hub. Do not push if tag already exists: make push-extension tag=0.1
 	docker pull $(IMAGE):$(TAG) && echo "Failure: Tag already exists" || docker buildx build --push --builder=$(BUILDER) --platform=linux/amd64,linux/arm64 --build-arg TAG=$(TAG) --tag=$(IMAGE):$(TAG) .
 
+build-copa-image:
+	docker build --platform=linux/amd64 --build-arg copa_version=$(version) -t copa-extension container/copa-extension
+
 help: ## Show this help
 	@echo Please specify a build target. The choices are:
 	@grep -E '^[0-9a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "$(INFO_COLOR)%-30s$(NO_COLOR) %s\n", $$1, $$2}'

diff --git a/container/Dockerfile → container/copa-extension/Dockerfile b/container/Dockerfile → container/copa-extension/Dockerfile
@@ -27,8 +27,5 @@ RUN curl --retry 5 -fsSL -o copa.tar.gz https://github.com/project-copacetic/cop
     tar -zxvf copa.tar.gz && \
     cp copa /usr/local/bin/
 
-# Install Trivy
-RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.52.0
-
 # Code file to execute when the docker container starts up (`entrypoint.sh`)
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/container/entrypoint.sh → container/copa-extension/entrypoint.sh b/container/entrypoint.sh → container/copa-extension/entrypoint.sh
@@ -3,11 +3,12 @@
 set -ex;
 
 image=$1
-patched_tag=$2
-timeout=$3
-connection_format=$4
-format=$5
-output_file=$6
+report=$2
+patched_tag=$3
+timeout=$4
+connection_format=$5
+format=$6
+output_file=$7
 
 # parse image into image name
 image_no_tag=$(echo "$image" | cut -d':' -f1)
@@ -38,12 +39,8 @@ case "$connection_format" in
     ;;
 esac
 
-
-# run trivy to generate scan for image
-trivy image --vuln-type os --ignore-unfixed -f json -o scan.json $image
-
 # run copa to patch image
-if copa patch -i $image -r scan.json -t "$patched_tag" $connection --timeout $timeout $output;
+if copa patch -i $image -r output/"$report" -t "$patched_tag" $connection --timeout $timeout $output;
 then
     patched_image="$image_no_tag:$patched_tag"
     echo "patched-image=$patched_image"

diff --git a/contribute.md b/contribute.md
@@ -3,14 +3,14 @@
 Before proceeding, ensure that Docker Desktop is installed on your computer and using the WSL backend if using Windows.
 
 ## Building the copa-extenion image
-In order to run the extension locally, you need to build the `copa-extension` image specified in the `/container` folder so that the frontend can call `docker run` on the image.
+In order to run the extension locally, you need to build the `copa-extension` image image specified in the `/container/copa-extension` folder.
 
-Change your current directory to `/container` and run the following command:
+Run the following make command in the root directory to install it:
 
 ```
-docker build --platform=linux/amd64 --build-arg copa_version=0.6.2 -t copa-extension .
+make build-copa-image
 ```
-After the command finishes, confirm that an image named `copa-extension` is listed when you run the command `docker images`.
+After the command finishes, confirm that the image `copa-extension` is listed when you run the command `docker images`.
 
 ## Building the frontend image
 
@@ -22,6 +22,4 @@ make build-extension
 ```
 make install-extension
 ```
-After following the steps, the extension should be successfully installed in Docker Desktop. If you make any changes to the code, simply run make `update-extension` to see those changes reflected. 
-
-
+After following the steps, the extension should be successfully installed in Docker Desktop. If you make any changes to the code, run `make update-extension` to see those changes reflected.